On Mon, 1 Nov 2004 12:11:48 +0100, Luis Fernando Llana Díaz
<llana@sip.ucm.es> wrote:
> Hi all,
> I have a doubt. I ussually use ssh to access remote machines without sending any password
> (PasswordAuthentication no) and I store private keys with the help of ssh-agent.
> This is valid also to login as another users (including root) in the local machine
> (ssh root@localhost). With the help of ssh agent, on can open several root sessions by only
> asking one password: the one of my private key "id_rsa". In this way I void tping a root password any time
> I want to be root.
> It is very easy for me to work this way, but I would to know if there could be aware of any possible
> security problems to do so. The only problem is that if I make ssh root@localhost, its gain root privileges
> whitout asking any password.
>
I think you'll find a lot of discussions (flamewars?) about the
subject. Try looking with google about security benefits of keys
versus plain text passwords.
Andrea